WordPress Plugin Vulnerabilities

Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

Proof of Concept

1. Store the script in non-sanitized fields like 'Opt in title', 'Opt in message', and 'Success Message text': <script>alert("Wild (field) appeared!")</script>
2. Visit the website, and then the script gets executed.

Affects Plugins

Plugin icon
infusionsoft-official-opt-in-forms
No known fix

References

CVE
CVE-2023-6941

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
MINGYOUNG BAN
Submitter
MINGYOUNG BAN
Submitter website
https://tara7004.tistory.com/
Verified
Yes
WPVDB ID
58f7c9aa-5e59-468f-aba9-b15e7942fd37

Timeline

Publicly Published
2023-12-21 (about 4 months ago)
Added
2023-12-21 (about 4 months ago)
Last Updated
2023-12-21 (about 4 months ago)

Other

Published
Title
Published
2014-08-01
Title
Cart66 Lite - admin.php cart66-products Page Multiple Field Stored XSS
Published
2023-06-16
Title
WP Backup Manager <= 1.13.1 - Reflected XSS
Published
2017-11-11
Title
WP Mail Logging <= 1.8.2 - Stored Cross-Site Scripting
Published
2023-08-11
Title
WP 404 Auto Redirect to Similar Post < 1.0.4 - Admin+ Stored XSS
Published
2014-08-01
Title
Eunoia - Unspecified XSS